More secure storage of key material.

Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Rich Salz <rsalz@akamai.com> 2015-04-24 16:39:40 -0400
committer: Rich Salz <rsalz@openssl.org> 2015-06-23 17:09:35 -0400
commit: 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch)
tree: 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/ec
parent: ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff)
download: openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index ebafc10de7..3f971aa46c 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1023,6 +1023,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
     ret->version = priv_key->version;
 
     if (priv_key->privateKey) {
+        if (ret->priv_key == NULL)
+            ret->priv_key = BN_secure_new();
         ret->priv_key = BN_bin2bn(ASN1_STRING_data(priv_key->privateKey),
                                   ASN1_STRING_length(priv_key->privateKey),
                                   ret->priv_key);
author	Rich Salz <rsalz@akamai.com>	2015-04-24 16:39:40 -0400
committer	Rich Salz <rsalz@openssl.org>	2015-06-23 17:09:35 -0400
commit	74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch)
tree	6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/ec
parent	ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff)
download	openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.gz